FreeBSD CVE-2013-5209 Information Disclosure Vulnerability

FreeBSD is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Information

Bugtraq ID: 61939
Class: Unknown
CVE: CVE-2013-5209

Remote: Yes
Local: No
Published: Aug 22 2013 12:00AM
Updated: May 22 2017 02:00PM
Credit: Julian Seward, Michael Tuexen
Vulnerable: Oracle Communications Session Border Controller SCZ7.4.0
Oracle Communications Session Border Controller SCZ7.3.0
Oracle Communications Session Border Controller SCZ7.2.0
McAfee FireWall Enterprise 8.3.1P02
McAfee FireWall Enterprise 8.3.1
FreeBSD FreeBSD 9.2
FreeBSD FreeBSD 9.1
FreeBSD FreeBSD 9.0
FreeBSD FreeBSD 8.4
FreeBSD FreeBSD 8.3
FreeBSD FreeBSD 8.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Not Vulnerable: McAfee FireWall Enterprise 8.3.1P04

Exploit

An attacker can exploit this issue using a web browser.

References:

• FreeBSD Homepage (FreeBSD)
  
• FreeBSD-SA-13:10.sctp: Kernel memory disclosure in sctp(4) (FreeBSD)
  
• KB79597: Firewall Enterprise 8.3.1P04 Release Bulletin (McAfee)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  

Source: www.securityfocus.com